Contents


Page Last Modified: Apr 23, 2018


Share Link:   https://answers.fredonia.edu/x/CACP


Report problems with this page

fred_logo.jpg

Rev. 8.14.17

Purpose

The State University of New York at Fredonia is required by University, New York State and Federal regulations to implement practices to limit the unintended exposure or unauthorized access to Social Security Numbers (SSNs) and Credit Card Numbers (CCNs). SSNs and CCNs are strictly prohibited from being transmitted (sending or receiving) via email. Therefore, the Fredonia Messaging Gateway policy for Credit Card Numbers (CCNs) and Social Security Numbers (SSN)  is intended to actively filter and block fredonia.edu email accounts from sending and receiving this regulated data.  The Messaging Gateway will utilize an advanced algorithm and internationally accepted key phrases to effectively filter and then  bounce emails that contain this data. The Fredonia Messaging Gateway also enables Fredonia to provided critical security measures to protect our email and productivity infrastructure with effective and accurate real-time antispam and antimalware protection, targeted attack protection, advanced content filtering, and data loss prevention.

Scope
All inbound and outbound e-mails for fredonia.edu accounts.

NOTE: This includes email to and from fredonia.edu accounts.

Messaging Gateway Policy

  • The Messaging Gateway uses algorithms to distinguish between valid credit card numbers or valid social security numbers and other numeric strings of the same length and/or format. Valid numbers may not be actual numbers of either type.

  • Filter based on the presence of any known key phrases in the BODY & SUBJECT AND a number that is a valid credit card number or social security number regardless of format.

  • Fredonia email accounts will be prevented from sending or receiving e-mail with a credit card or social security number and an associated keyword anywhere in the body, subject or attachment of email. If you are the sender, then you will receive an Non-Delivery Report notification (bounce message.)  If someone from outside of Fredonia sends to a fredonia.edu email account such a message, they would receive the Non-Delivery Report notification.

  • Encrypted attachments cannot be scanned.  Therefore  contents of encrypted attachments will not trigger this policy.

  • The bounce notification will not contain a copy of the original email. 

SAMPLE Social Security Number Inbound and Outbound Non-Delivery Report (NDR) E-mail:

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to its.servicecenter@fredonia.edu.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

“Fredonia respects the privacy and security of your personal information.  In addition, we are prohibited from sending or receiving social security numbers via e-mail.  Your e-mail appears to contain this information, so please contact the individual or office to determine an alternate means to relay the information. For your convenience, we are providing the below contact information so you may contact those offices to relay your  social security number: Undergraduate Admissions Office - (800) 252-1212 toll free, Financial Aid Office - (716) 673-3253, Student Accounts Office - (716) 673-3236, Office of the Registrar - (716) 673-3171, Extended Learning (J-Term, Summer Sessions, or Extended Learning Credit Program) - (716) 673-3177. Please contact the ITS Service Center should you have any questions or concerns (716) 673-3407 regarding this e-mail message. Thank you.”

SAMPLE Credit Card Number Inbound and Outbound Non-Delivery Report (NDR) E-mail:

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to its.servicecenter@fredonia.edu.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

“Fredonia respects the privacy and security of personal information.  In addition, we are prohibited from sending or receiving credit card numbers via e-mail.  Your e-mail appears to contain this information. We are permitted to accept credit numbers as a method of payment over the phone in a secure manner, in person, and via an online authorized payment gateway.  Please contact the individual or office you were trying to reach to determine an alternate means to relay the information. You may contact the ITS Service Center should you have any questions or concerns (716) 673-3407 regarding this e-mail message. Thank you.”

Compliance


Short URL to this page: https://answers.fredonia.edu/x/CACP


Search